Computer security is an important issue in electronic communication systems. Since devices that operate on the endpoints of networks (e.g. client or server computers, networking devices, etc.) are often vulnerable to attacks, many existing security systems are configured to operate on endpoint devices. Security measures such as network data monitoring and virus scanning tend to be computationally intensive operations. Security functions typically compete for system resources, including processing cycles, memory and storage space, with the other duties of the system, such as executing non-security-related applications and performing networking functions. The devices often have to make trade-offs between system security and system performance.
Typically, large networks attempt to resolve this problem by deploying security measures within the network. Devices such as firewalls and Intrusion Detection/Prevention Systems can usually prevent malicious network traffic from reaching the endpoints. For security devices to function properly, all network traffic usually must pass through the links secured by the security device. While this requirement is often met in switched networks, it is sometimes unfulfilled in environments where a shared medium such as a wireless network is used. Thus, network-level security protections are often less effective for devices that are connected to a shared medium such as a broadcast wireless network.
Although IDSs, firewalls and other network monitors can detect attacks, they typically cannot intercept attacks before the attacks reach the endpoint devices. To increase the level of security protection and prevent attacks, the devices are typically required to devote more resources to performing security functions locally. Furthermore, an IDS deployed on a wireless network typically cannot monitor the entire network without deploying numerous sensors throughout the broadcast radius. The cost associated with the deployment and maintenance of the sensors is prohibitive for some wireless networks.
It would be desirable to have a technique that could prevent attacks on endpoint devices, especially devices connected to a shared medium. It would also be useful if the technique could monitor networking environments such as wireless networks without requiring extensive new deployment of sensors and without significantly sacrificing productivity and performance.